Remote Desktop won't remember credentials on Windows 7


  • Wednesday, April 13, 2011 8:51 PM
     
     

    I have a Terminal Server running Windows Server 2008 Standard SP1.  Domain controller is running Server 2008 SP2.  We want our users to be able to save credentials on the desktops to log in automatically.  On Windows XP, it works fine, on Windows 7 we get the error:

    Your credentials did not work: Your system administrator does not allow the use of saved credentials to log on to the remote computer x.y.com because its identity is not fully verified.  Please enter new credentials.

    The server is not configured to require saved credentials: Remote Desktop Configuration is set to not require credentials.  Domain Group Policy is set to not require credentials (Computer Config\Administrative templates\windows components\Terminal services\terminal server\security\Always prompt for password upon connection).  I've tested it on RDP 6.0 and 6.1 on XP machines and they work fine.  It doesn't work in Windows 7.  I followed the instructions from here:

    http://alinconstantin.blogspot.com/2007/08/terminal-service-client-not-using-saved.html

    Which I got from this technet post:

    http://social.technet.microsoft.com/Forums/en-US/itprovistasetup/thread/894b2a64-68c9-4b57-a65f-14d377e3a295

    But to no avail.  Since the server name doesn't match the FQDN, I've also tried installing the cert in Trusted Root, Intermediate Root and Third Party Root, but still get the error.  I've searched the internet but haven't been able to find anything.  Please let me know how to fix this.  Thanks

     

All Replies

  • Friday, April 15, 2011 9:02 AM
    Moderator
     
     Proposed Answer

    Hi,

    Thanks for the post!

    Try the following steps:

    1. On your Windows 7 client, click Start, input gpedit.msc in search bar, press Enter.

    2. Navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation.

    3. On the right pane, double click Allow Saved Credentials with NTLM-only Server Authentication.

    4. Click Enable. In the Show contents dialog box, click Add, type the name of remote computer(server) in this format: TERMSRV\<computername>, then click OK.

    Now check if it works.

    Regards,

    Miya


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Proposed As Answer by SConstantine Wednesday, September 26, 2012 7:36 PM
  • Friday, April 15, 2011 12:48 PM
     
     
    I ran into something similar a while back and what I found in my situation was remote desktop would not work using machine name, authentication would fail. However, it worked as it should if I used the IP address.
  • Friday, April 15, 2011 8:27 PM
     
     
    Yes, I've tried that and it doesn't work.  I am part of a different domain, but I don't believe that group policy is set from the domain.
  • Friday, April 15, 2011 8:40 PM
     
     

    Sorry, let me be clear....

    Miya, I did make that change but it did not resolve the issue.  I also tried with the IP address and added the IP address to allowed servers, but it still prompts for my password.

  • Monday, April 18, 2011 9:03 AM
    Moderator
     
     Answered
    Yes, I've tried that and it doesn't work.  I am part of a different domain, but I don't believe that group policy is set from the domain.


    Do you mean you access the shared folder on Domain A from a domainB-joined client?

    What type of trust is created between the domains?

    You can refer to Best Practice for using security groups across forests in http://technet.microsoft.com/en-us/library/cc772808(WS.10).aspx

    Regards,

    Miya

     


  • Friday, April 22, 2011 7:51 PM
     
     Answered

    The workstation I test from is on a completely different forest that's not connected in any way to the terminal server I'm connecting to.  However, when I test this from a windows 7 machine not attached to any domain, it works just fine.  There must be some GP setting I'm missing in the domain attached to my computer.  I'm checking with the client to see if they're attached to a domain.

  • Tuesday, June 21, 2011 7:11 PM
     
     

    Hi!

     

    I have the same problem....

    so what is the solution?

     

    Thanks,

    Aviv Hassidim

  • Sunday, July 31, 2011 1:26 PM
     
     

    I have changed the default domain security policy and it works

  • Sunday, July 31, 2011 9:04 PM
     
     

    For some reason when I connect to different domains at the same time I run across the same problems.

    Seems to be some issue of trust between domains. I do not use AD here, no need.

    I have read manuals galore on AD and I recall trust was mentioned when dealing with consolidation.

     


    Windows MVP, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint etc

    I feel badly for my American friends who have to endure the extremists in Washington who are bankrupting the nation over ideology.

    My page on Video Card Problems is now my most popular landing page. See my gaming site for game reviews etc.

    Developer | Windows IT | Chess | Economics | Hardcore Games | Vegan Advocate | PC R

  • Thursday, March 29, 2012 2:52 PM
     
     
    Thanks for the steps.  This worked for me.  I used the wildcard TERMSRV/* instead of specifying individual hosts.
  • Friday, March 01, 2013 4:00 PM
     
     

    This issue is similar to mine.

    Single Physical Server running Windows Server 2008 R2 Standard 64bit.

    Configured as a DC and Terminal Server only. I have 6 Domain Accounts on the Server and the users login from 6 sites over the WAN using a mixture of Windows XP and Windows 7 Client machines - which are members of Windows Domains in their own LANs.

    The problem does only appear to affect Windows 7 Clients.

    I tried altering the settings Miya has suggested above, but it still does not allow me connect with the saved credentials.

    The error suggests a Server-side policy that is preventing the users connecting with the RDP clients and using saved credentials. The error message states it is to do with Identity Verification. So it stops and asks for the password again.

    It is important to resolve this asap, so if anybody can shed any more light on this I would really appreciate that.

    Thanks folks! :-)


    Richard

  • Friday, March 01, 2013 4:52 PM
     
     Proposed Answer

    I have found that using the procedure described above by Miya does work for my scenario; however there is a minor mistake in steps 3 & 4.

    Original:

    1. On your Windows 7 client, click Start, input gpedit.msc in search bar, press Enter.

    2. Navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation.

    3. On the right pane, double click Allow Saved Credentials with NTLM-only Server Authentication.

    4. Click Enable. In the Show contents dialog box, click Add, type the name of remote computer(server) in this format:TERMSRV\<computername>, then click OK.

    New:

    1. On your Windows 7 client, click Start, input gpedit.msc in search bar, press Enter.

    2. Navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation.

    3. On the right pane, double click Allow Delegating Saved Credentials with NTLM-only Server Authentication.

    4. Click Enable. In the Show contents dialog box, click Add, type the name of remote computer(server) in this format:TERMSRV/<computername>, then click OK.

    NOTE THE DIRECTION OF THE SLASH CHARACTER - FORWARD SLASH, NOT BACKSLASH!

    I used "TERMSRV/*" to get it to work for my requirements.


    Richard

    • Proposed As Answer by Archytype Friday, March 01, 2013 4:53 PM
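
Added example (not part of the thread and not any poster's code): a read-only PowerShell check of the client-side server list that the steps above configure, flagging the backslash mistake and wildcard entries. It assumes the setting is stored under the Group Policy registry key named in the script; `Test-DelegationEntry` is a hypothetical helper and the sample entries are constructed.

```powershell
# Added example: audit the "Allow Delegating Saved Credentials with NTLM-only
# Server Authentication" server list on a Windows client.
# Assumption: the policy is stored under the Group Policy registry key below.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$name = 'AllowSavedCredentialsWhenNTLMOnly'

function Test-DelegationEntry {
    # Hypothetical helper: classify one server-list entry.
    param([string]$Entry)
    if ($Entry -match '\\') {
        return 'INVALID  backslash; the separator must be a forward slash'
    }
    if ($Entry -match '\*') {
        return 'BROAD    wildcard; applies to every matching server'
    }
    if ($Entry -notmatch '^[^/]+/[^/]+$') {
        return 'CHECK    expected <service>/<host>, e.g. TERMSRV/<computername>'
    }
    return 'OK       single host'
}

# Constructed sample entries, so the classifier can be tried on any machine.
$samples = 'TERMSRV\server01', 'TERMSRV/*', 'TERMSRV/server01.example.com'
foreach ($s in $samples) { '{0,-32} {1}' -f $s, (Test-DelegationEntry $s) }

# Entries actually configured on this machine (nothing is modified).
$policy = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
$list   = Get-Item -Path (Join-Path $base $name) -ErrorAction SilentlyContinue
if (-not $policy -or $policy.$name -ne 1) {
    "Policy $name is not enabled on this machine."
} elseif (-not $list) {
    "Policy $name is enabled but its server list is empty."
} else {
    foreach ($valueName in $list.GetValueNames()) {
        $entry = [string]$list.GetValue($valueName)
        '{0,-32} {1}' -f $entry, (Test-DelegationEntry $entry)
    }
}
```

A `TERMSRV/*` entry covers every RDP server the client connects to, so listing individual hosts keeps the delegation of saved credentials narrower.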
  • Friday, March 01, 2013 7:16 PM
     
     

    try this


    Windows MVP, XP, Vista, 7 and 8. More people have climbed Everest than having 3 MVP's on the wall.

    Hardcore Games, Legendary is the only Way to Play

    Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews

  • Wednesday, April 03, 2013 1:34 PM
     
     

    In my case the issue only happened when connecting to some of the terminal servers in the trusted domain. The root CA was installed in the Trusted Root CAs store of all clients. 

    It was due to the fact that RDP did not pick a certificate that was issued to the machine by a CA, but instead it picked an auto generated certificate.

    To change that you have to go to Administrative Tools/Remote Desktop Services/Remote Desktop Session Host Configuration. Right click on RDP-Tcp under Connections and select Properties. Under Certificate click on Select and select the correct certificate (Purpose: Proves your identity to a remote computer).
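
Added example (not part of the thread and not the poster's code): a read-only PowerShell check, run elevated on the terminal server, that shows which certificate the RDP-Tcp listener presents and whether it is self-signed rather than CA-issued. It relies on the `Win32_TSGeneralSetting` WMI class and assumes the certificate sits in one of the two machine stores listed in the script.

```powershell
# Added example: identify the certificate bound to the RDP-Tcp listener.
# Nothing is changed; the script only reads WMI and the certificate stores.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# Assumption: the bound certificate is in the machine's Personal store
# (CA-issued) or the "Remote Desktop" store (auto-generated).
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1

if (-not $cert) {
    "No certificate with thumbprint $thumb found in: $($stores -join ', ')"
} else {
    # Subject equal to Issuer means the certificate is self-signed, which is
    # the case the post describes; a CA-issued one names the CA as Issuer.
    $cert | Select-Object Thumbprint, Subject, Issuer, NotAfter,
        @{ Name = 'SelfSigned'; Expression = { $_.Subject -eq $_.Issuer } },
        @{ Name = 'Store';      Expression = { $_.PSParentPath -replace '^.*::' } } |
        Format-List
}
```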

  • Wednesday, April 03, 2013 6:51 PM
     
     

    I should mention that for some reason there are some credential problems of late.

    On the weekend I cleaned up my rig with a fresh install as there were some game issues.

    I was also getting a lot of certificate messages so I am wondering if that was corrupted.

    If it's a continuing problem, might be time for a fresh install of Windows



  • Thursday, April 11, 2013 9:28 PM
     
     
    Can anyone having this problem when attached to a domain confirm that their AD servers are running on server 2003 without the optional expanded GP settings patch?
  • Thursday, April 11, 2013 9:38 PM
     
     
    Can anyone having this problem when attached to a domain confirm that their AD servers are running on server 2003 without the optional expanded GP settings patch?

    Been a very long time since I used Server 2003. That is now out of mainstream support and near the end of extended support.

    I have a VM with it and I can connect to it fine with remote desktop from my Windows 7 rig

    I maintain it for testing applications that need migration only



  • Thursday, April 11, 2013 10:10 PM
     
     


    Been a very long time since I used Server 2003. That is now out of mainstream support and near the end of extended support.

    I have a VM with it and I can connect to it fine with remote desktop from my Windows 7 rig

    I maintain it for testing applications that need migration only


    Do you still have the problem with saved credentials to a remote terminal server on a different domain when the client on the originating domain's AD is running 2003 without the extended GP settings? I'd create a test environment, but I don't have the resources available at this time.

    Like the OP, I have no problem saving the credentials on an XP machine in our domain, it works fine in win7 when logged into a local account on the machine without domain authentication, but it still doesn't work when logged into a domain account. 

    I'm wondering if the problem might actually be that the extended settings in the GP are missing, since all the fixes listed here have not worked for me. I would like to see if anyone else still having the problem has a similar setup in their domain, if they even have access to that information. I'd patch it just to see if it would help, but I don't have the authority.

  • Thursday, April 11, 2013 10:22 PM
     
     

    I do not use XP, been using 7 since beta

